An efficient attribute-based hierarchical data access control scheme in cloud computing

Security in cloud computing has become a hot topic in academia and industry, and ciphertext-policy attribute-based encryption (CP-ABE) is an effective solution for managing and protecting data. Data shared in the cloud usually has multiple access structures that are hierarchically related. However, existing CP-ABE algorithms do not consider these relationships and simply require data owners to generate multiple ciphertexts to meet the hierarchical access requirement, which incurs substantial computation overhead. To achieve fine-grained access control over multiple hierarchical files effectively, we first propose an efficient hierarchical CP-ABE algorithm whose access structure is a linear secret sharing scheme. We then construct an attribute-based hierarchical access control scheme, named AHAC. In our scheme, when a data visitor’s attributes match a part of the access control structure, he can decrypt the data associated with that part. The experiments show that AHAC has good security and high performance. Furthermore, as the number of encrypted data files increases, the advantage of AHAC becomes more significant.
